Import existing private key into BKS Keystore


Question

I have a key pair generated by openssl in the following way

openssl genrsa -out private_key.pem 2048

Then I convert it to DER format as follows:

openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem -out private_key.der -nocrypt

And now I want to import it in Android, but I don't want to import it as is; I want to protect it within a keystore.

So my question is: how can I import an existing key into a BKS keystore using keytool?

Thanks

Recommended answer

A Private Key is always accompanied by a Certificate Chain (that includes the corresponding Certificate) in a KeyStore. You cannot just add it to the KeyStore just by itself.

Once you have generated the Private Key, you can generate a self-signed Certificate, you can then use this certificate to add your private key along with the certificate to the KeyStore.

Generate a self-signed certificate

openssl req -new -x509 -key [PRIVATE_KEY_FILE] -out [SELF_SIGNED_CERTIFICATE_FILE] -days 3650 -subj /[YOUR_SUBJECT_DN]

Create a PKCS#12 file containing the private key and certificate

openssl pkcs12 -export -inkey [PRIVATE_KEY_FILE] -in [CERTIFICATE_FILE] -out [PKCS12_FILE.p12] -name mykey

Finally, converting the PKCS12 KeyStore to your desired BKS store type

keytool -importkeystore -srckeystore [ABOVE_P12_FILE] -srcstorepass [ABOVE_P12_PASSWORD] -srcstoretype pkcs12 -destkeystore [NEW_P12_FILE.p12] -deststorepass [NEW_P12_PASSWORD] -deststoretype bks -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath [ABSOLUTE_PATH_TO__bcprov-jdk15on-152.jar]

If you need the Java default store type JKS, you can remove the -providerclass and -providerpath arguments from the last command.
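
The steps of the answer above as one script, as an added example that is not part of the original answer: it checks that the certificate really belongs to the private key before bundling, and passes passwords through environment variables (openssl's env: source and keytool's :env modifier) rather than on the command line, where they would be visible in the process list and shell history. The function names and the variables P12_PASS, BKS_PASS and BC_JAR are assumptions; the alias mykey and the provider class are the ones used in the answer.

```sh
#!/bin/sh
# Added example. Assumed environment variables:
#   P12_PASS  password for the intermediate PKCS#12 file
#   BKS_PASS  password for the resulting BKS keystore
#   BC_JAR    absolute path to the Bouncy Castle provider jar

# Succeeds only if the certificate's public key equals the private key's.
# Returns 2 if either file cannot be parsed, 1 on a mismatch.
key_matches_cert() {  # $1 = private key (PEM), $2 = certificate (PEM)
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundles key and certificate into a PKCS#12 file under the alias "mykey".
# Refuses to write anything if the pair does not match.
make_p12() {  # $1 = private key, $2 = certificate, $3 = output .p12
    key_matches_cert "$1" "$2" || {
        echo "key and certificate do not match" >&2
        return 1
    }
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        -name mykey -passout env:P12_PASS
}

# Converts the PKCS#12 file to a BKS keystore, then lists the result so the
# imported entry can be confirmed as a private key entry.
to_bks() {  # $1 = input .p12, $2 = output BKS keystore
    keytool -importkeystore \
        -srckeystore "$1" -srcstoretype pkcs12 -srcstorepass:env P12_PASS \
        -destkeystore "$2" -deststoretype bks -deststorepass:env BKS_PASS \
        -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath "$BC_JAR" &&
    keytool -list -keystore "$2" -storetype bks -storepass:env BKS_PASS \
        -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath "$BC_JAR"
}

# Usage, with the three variables exported beforehand:
#   make_p12 private_key.pem cert.pem bundle.p12 && to_bks bundle.p12 store.bks
```

Once the BKS keystore has been verified, delete the intermediate .p12 file and the unencrypted private_key.pem and private_key.der, since they hold the same key outside the keystore.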
